package org.nuxeo.elasticsearch.client;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.http.Header;
import org.apache.http.HttpHost;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
import org.apache.http.impl.client.BasicCredentialsProvider;
import org.apache.http.ssl.SSLContexts;
import org.apache.http.ssl.TrustStrategy;
import org.elasticsearch.client.RestClient;
import org.elasticsearch.client.RestClientBuilder;
import org.elasticsearch.client.RestHighLevelClient;
import org.nuxeo.ecm.core.api.NuxeoException;
import org.nuxeo.elasticsearch.api.ESClient;
import org.nuxeo.elasticsearch.api.ESClientFactory;
import org.nuxeo.elasticsearch.config.ElasticSearchClientConfig;
import org.nuxeo.elasticsearch.config.ElasticSearchEmbeddedServerConfig;
import org.nuxeo.elasticsearch.core.ElasticSearchEmbeddedNode;

/* loaded from: input_file:org/nuxeo/elasticsearch/client/ESRestClientFactory.class */
public class ESRestClientFactory implements ESClientFactory {
    private static final Log log = LogFactory.getLog(ESRestClientFactory.class);
    public static final String DEFAULT_CONNECT_TIMEOUT_MS = "5000";
    public static final String DEFAULT_SOCKET_TIMEOUT_MS = "20000";
    public static final String CONNECTION_TIMEOUT_MS_OPT = "connection.timeout.ms";
    public static final String SOCKET_TIMEOUT_MS_OPT = "socket.timeout.ms";
    public static final String AUTH_USER_OPT = "username";
    public static final String AUTH_PASSWORD_OPT = "password";
    public static final String KEYSTORE_PATH_OPT = "keystore.path";
    public static final String KEYSTORE_PASSWORD_OPT = "keystore.password";
    public static final String KEYSTORE_TYPE_OPT = "keystore.type";

    @Override // org.nuxeo.elasticsearch.api.ESClientFactory
    public ESClient create(ElasticSearchEmbeddedNode elasticSearchEmbeddedNode, ElasticSearchClientConfig elasticSearchClientConfig) {
        return elasticSearchEmbeddedNode != null ? createLocalRestClient(elasticSearchEmbeddedNode.getConfig()) : createRestClient(elasticSearchClientConfig);
    }

    protected ESClient createLocalRestClient(ElasticSearchEmbeddedServerConfig elasticSearchEmbeddedServerConfig) {
        if (!elasticSearchEmbeddedServerConfig.httpEnabled()) {
            throw new IllegalArgumentException("Embedded configuration has no HTTP port enable, use TransportClient instead of Rest");
        }
        RestHighLevelClient restHighLevelClient = new RestHighLevelClient(RestClient.builder(new HttpHost[]{new HttpHost("localhost", Integer.parseInt(elasticSearchEmbeddedServerConfig.getHttpPort()))}));
        return new ESRestClient(restHighLevelClient.getLowLevelClient(), restHighLevelClient);
    }

    protected ESClient createRestClient(ElasticSearchClientConfig elasticSearchClientConfig) {
        String option = elasticSearchClientConfig.getOption("addressList", "");
        if (option.isEmpty()) {
            throw new IllegalArgumentException("No addressList option provided cannot connect RestClient");
        }
        String[] split = option.split(",");
        HttpHost[] httpHostArr = new HttpHost[split.length];
        int i = 0;
        for (String str : split) {
            int i2 = i;
            i++;
            httpHostArr[i2] = HttpHost.create(str);
        }
        RestClientBuilder maxRetryTimeoutMillis = RestClient.builder(httpHostArr).setRequestConfigCallback(builder -> {
            return builder.setConnectTimeout(getConnectTimeoutMs(elasticSearchClientConfig)).setSocketTimeout(getSocketTimeoutMs(elasticSearchClientConfig));
        }).setMaxRetryTimeoutMillis(getConnectTimeoutMs(elasticSearchClientConfig));
        if (StringUtils.isNotBlank(elasticSearchClientConfig.getOption(AUTH_USER_OPT)) || StringUtils.isNotBlank(elasticSearchClientConfig.getOption(KEYSTORE_PATH_OPT))) {
            addClientCallback(elasticSearchClientConfig, maxRetryTimeoutMillis);
        }
        RestHighLevelClient restHighLevelClient = new RestHighLevelClient(maxRetryTimeoutMillis);
        return new ESRestClient(restHighLevelClient.getLowLevelClient(), restHighLevelClient);
    }

    private void addClientCallback(ElasticSearchClientConfig elasticSearchClientConfig, RestClientBuilder restClientBuilder) {
        BasicCredentialsProvider credentialProvider = getCredentialProvider(elasticSearchClientConfig);
        SSLContext sslContext = getSslContext(elasticSearchClientConfig);
        restClientBuilder.setHttpClientConfigCallback(httpAsyncClientBuilder -> {
            if (sslContext != null) {
                httpAsyncClientBuilder.setSSLContext(sslContext);
            }
            if (credentialProvider != null) {
                httpAsyncClientBuilder.setDefaultCredentialsProvider(credentialProvider);
            }
            return httpAsyncClientBuilder;
        });
    }

    protected BasicCredentialsProvider getCredentialProvider(ElasticSearchClientConfig elasticSearchClientConfig) {
        if (StringUtils.isBlank(elasticSearchClientConfig.getOption(AUTH_USER_OPT))) {
            return null;
        }
        String option = elasticSearchClientConfig.getOption(AUTH_USER_OPT);
        String option2 = elasticSearchClientConfig.getOption(AUTH_PASSWORD_OPT);
        BasicCredentialsProvider basicCredentialsProvider = new BasicCredentialsProvider();
        basicCredentialsProvider.setCredentials(AuthScope.ANY, new UsernamePasswordCredentials(option, option2));
        return basicCredentialsProvider;
    }

    protected SSLContext getSslContext(ElasticSearchClientConfig elasticSearchClientConfig) {
        if (StringUtils.isBlank(elasticSearchClientConfig.getOption(KEYSTORE_PATH_OPT))) {
            return null;
        }
        try {
            Path path = Paths.get(elasticSearchClientConfig.getOption(KEYSTORE_PATH_OPT), new String[0]);
            String option = elasticSearchClientConfig.getOption(KEYSTORE_PASSWORD_OPT);
            String str = (String) StringUtils.defaultIfBlank(elasticSearchClientConfig.getOption(KEYSTORE_TYPE_OPT), KeyStore.getDefaultType());
            char[] charArray = StringUtils.isBlank(option) ? null : option.toCharArray();
            KeyStore keyStore = KeyStore.getInstance(str);
            InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
            Throwable th = null;
            try {
                keyStore.load(newInputStream, charArray);
                if (newInputStream != null) {
                    if (0 != 0) {
                        try {
                            newInputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newInputStream.close();
                    }
                }
                return SSLContexts.custom().loadTrustMaterial(keyStore, (TrustStrategy) null).build();
            } finally {
            }
        } catch (IOException | GeneralSecurityException e) {
            throw new NuxeoException("Cannot setup SSL for RestClient: " + elasticSearchClientConfig, e);
        }
    }

    protected int getConnectTimeoutMs(ElasticSearchClientConfig elasticSearchClientConfig) {
        return Integer.parseInt(elasticSearchClientConfig.getOption(CONNECTION_TIMEOUT_MS_OPT, DEFAULT_CONNECT_TIMEOUT_MS));
    }

    protected int getSocketTimeoutMs(ElasticSearchClientConfig elasticSearchClientConfig) {
        return Integer.parseInt(elasticSearchClientConfig.getOption(SOCKET_TIMEOUT_MS_OPT, DEFAULT_SOCKET_TIMEOUT_MS));
    }

    protected void checkConnection(RestHighLevelClient restHighLevelClient) {
        boolean z = false;
        try {
            z = restHighLevelClient.ping(new Header[0]);
        } catch (IOException e) {
            log.error(e.getMessage(), e);
        }
        if (!z) {
            throw new IllegalStateException("Fail to ping rest node");
        }
    }
}
